Abstract: A service or load balancer may use the techniques herein to perform client authentication using a certificate-based identity provider. A client may send a request for access to a service of the provider network. In response, the service or a load balancer may redirect the request to a certificate-based identity provider in accordance with a standard identity protocol (e.g., a federated identity protocol such as the protocol for OpenID Connect (OIDC)). The certificate-based identity provider may obtain a client certificate and validate the client certificate. The identity provider may also obtain and verify other credentials. In response to validating the client certificate (and in some cases authenticating the credentials), the certificate-based identity provider may generate and sign an identity token and redirect the client back to the service in accordance with the identity protocol.

Abstract: In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.

Abstract: In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.

Abstract: A technique allows a parentally attested security token to serve as authentication for a minor using identifying attributes of the minor child. The security token may include personally identifiable information about the child, a description of authorized activity as well as specifications of intended use of the security token. The security token may include provisions for authentication to be revoked by a parent or guardian and/or expire after a predetermined time. The security token may be stored inside a trusted execution environment of a portable computing device that may be carried by the minor and presented at physical locations where authentication is required.

Abstract: A combined reach can be determined for multiple resources. Usage data, including audience duplication data, is used to generate audience duplication measurements for pairs of the resources. A child-resource pair is identified, and the audience duplication measurement for that resource pair is modified. The modified measurement is used to determine a combined reach for the multiple resources. A report is also generated based on the combined reach.

Abstract: There is disclosed in one example, a computing apparatus, having: first one or more logic elements comprising at least a processor and a memory to provide an operational environment; and second one or more logic elements providing an out-of-band management engine to function independently of the operational environment, and to: provide an out-of-band communication driver; determine that the operational environment has encountered an error that inhibits network communication; receive security content from a server via the out-of-band communication driver into a third-party storage area; and apply the security content to the computing apparatus. There is also disclosed a method of providing an out-of-band management engine, and one or more tangible, non-transitory computer-readable storage mediums having stored instructions for providing an out-of-band management engine.

Abstract: In one or more examples, there is disclosed a system and method of detecting agent presence for self-healing. An out-of-band monitoring process, such as Intel® AMT, or any process in firmware executing on a co-processor, may monitor one or more processes to determine if one goes down or otherwise meets a security criterion. Crashed processes may be reported to an enterprise security controller (ESC). The ESC may notice trends among affected machines and instruct the machines to take appropriate remedial action, such as booting from a remedial image.

Abstract: There is disclosed in one example, a computing apparatus, having: first one or more logic elements comprising at least a processor and a memory to provide an operational environment; and second one or more logic elements providing an out-of-band management engine to function independently of the operational environment, and to: provide an out-of-band communication driver; determine that the operational environment has encountered an error that inhibits network communication; receive security content from a server via the out-of-band communication driver into a third-party storage area; and apply the security content to the computing apparatus. There is also disclosed a method of providing an out-of-band management engine, and one or more tangible, non-transitory computer-readable storage mediums having stored instructions for providing an out-of-band management engine.

Abstract: A technique allows a parentally attested security token to serve as authentication for a minor using identifying attributes of the minor child. The security token may include personally identifiable information about the child, a description of authorized activity as well as specifications of intended use of the security token. The security token may include provisions for authentication to be revoked by a parent or guardian and/or expire after a predetermined time. The security token may be stored inside a trusted execution environment of a portable computing device that may be carried by the minor and presented at physical locations where authentication is required.

Abstract: A combined reach can be determined for multiple resources. Usage data, including audience duplication data, is used to generate audience duplication measurements for pairs of the resources. A child-resource pair is identified, and the audience duplication measurement for that resource pair is modified. The modified measurement is used to determine a combined reach for the multiple resources. A report is also generated based on the combined reach.

Abstract: A system, method, and computer program product are provided for receiving security content utilizing a serial over LAN connection. In use, an unsuccessful attempt to connect to a network for accessing security content at a remote second device is indicated by a first device, where the unsuccessful attempt results from a malfunction at the first device. Further, the security content is received at the first device utilizing a serial over local area network (LAN) connection established with the remote second device, based on the indication.

Abstract: A system, method, and computer program product are provided for receiving security content utilizing a serial over LAN connection. In use, an unsuccessful attempt to connect to a network for accessing security content at a remote second device is indicated by a first device, where the unsuccessful attempt results from a malfunction at the first device. Further, the security content is received at the first device utilizing a serial over local area network (LAN) connection established with the remote second device, based on the indication.

Abstract: Measurement data is accessed. The measurement data is associated with a group of users that have been exposed to at least one advertising creative that is part of an advertising campaign. The measurement data reflects one or more consumer responses and one or more non-zero exposure levels. The non-zero exposure levels correspond to non-zero amounts of exposures to at least one advertising creative that is part of the advertising campaign. A model that relates consumer response measures to one or more exposure levels is generated based on the accessed measurement data. Based on the generated model, a consumer response measure for a zero exposure level is determined. The zero exposure level corresponds to a zero amount of exposures to at least one advertising creative that is part of the advertising campaign. An advertising effectiveness metric is determined based on the consumer response measure for the zero exposure level and the accessed measurement data.

Abstract: A system and method for providing automated low bandwidth updates of computer anti-virus application components is described. Components of one or more deployed computer anti-virus applications requiring updating are periodically identified. Each updated computer anti-virus application component is pulled from a component repository on a centralized component server by a replicator. Each out-of-date computer anti-virus application component is updated. The one or more updated computer anti-virus application components for the computer anti-virus applications are pushed to superagents. The updated computer anti-virus application components to the deployed computer anti-virus applications are multicast to agents.